wiki:GEC22Agenda/FederationStrategies

Version 9 (modified by mbrinn@bbn.com, 5 years ago) (diff)

--

GEC22 Strategies for Cyber Infrastructure Integration

Schedule

Tuesday 2.00pm - 3.30pm

Session Leaders

Marshall Brinn
GPO
Brecht Vermeulen
iMinds

Description

The goal of the session is to review current practices, lessons learned (often the hard way) and future goals for how different CI frameworks can integrate as well as how the resource topologies provisioned by those frameworks can integrate. We will discuss both mechanisms for sharing data and connections as well as mechanisms for ensuring trust to support that sharing.

Pre-requisites / Pre-work

None

Agenda

We will have several short talks reflecting each speaker's experience in this area:

  • Brecht Vermeulen, iMinds
  • Rob Ricci, Cloud Lab / Emulab
  • Kate Keahey, Chameleon
  • Vinod Mishra, ARL
  • Makiachi Hayashi, KDDI
  • Marshall Brinn, GPO

After these presentations, we will have an open panel-style discussion on these topics, trying to gather experiences, lessons learned and best practices from attendees as well as the presenters.

Summary

Marshall Brinn opened with a presentation on the challenges of "Confidence" versus "Convenience" in applying strategies for integration of cyber-infrastructure. Where is the right trade-off between making something secure and accessible to both internal and external users? His presentation is attached below.

Brecht Vermeulen of iMinds discussed the different approaches towards authorized authenticated services in jFED and iMinds. He talked about the common Federation and AM API efforts and the jFED tool, and the twice-daily regression testing that they use to provide a broad sense of confidence in the resource availability and reliability. He talked about GEANT providing a NOC for Fed4Fire and that the EU has 13+ testbeds that are loosely federated in different ways. He's interested in pursuing policy-based quotas on allocations across administrative domains.

Rob Ricci of Utah described "Lessons learned in Connecting to Cyber Infrastructure" (presentation attached). In summary, he emphaseed that

  • Infrastructure doesn't federate: people federate.
  • Federation structures between people are complex and vary a lot (and thus build loose, rather than strict, federations)
  • "Any sufficiently advanced federation is distinguishable from a single facility"
  • Users want to do research or take classes, not learn about infrastructure
  • Enable people to use the infrastructure for things you didn’t think you designed it for, without asking your permission.

Kate Keahey of Argonne and the Chameleon project discussed the need for descriptive policies for authorization in the FutureGRID and GRID5000 efforts. There is a critical need to encode some kind of MOU between entities to allow using one another's infrastructure. Need to overcome the differences between different infrastructures and their representation and that a common representation for querying and reporting is a critical enabler. She expressed interest in the formalization of policies and interoperable APIs.

Vinod Mishra of ARL talked about their recent efforts in building SDN-based cyber infrastructure within the DoD. He layed out an architectural map of different layers at which programmability and control can take place and placed SDN in the DOD context, emphasizing issues of ad hoc network configurations and networking in environments of unreliable communications.

Makiachi Hayashi discussed plans at KDDI and Nakao Labs for SEP (Slice Exchange Point) built from the VNODE capability and other similar capabilities in the EU and US. They are looking for more commonality in APIs and policy representations and more of a plug-and-play approach. Ultimately they are interested in scaling up to an international network comprising a large set of SEPs.

Alan Sill of Texas Tech and the GRID community cautioned that we not confuse technology and poliy. In OGF (Open Grid Foundation) they write policies on paper first to make sure people understand and agree and then try to implement guards for these policies.

Attachments (3)

Download all attachments as: .zip